...

{
"MetadataAddress": "https://adfs.cloud.weir/FederationMetadata/2007-06/FederationMetadata.xml",
"Wtrealm": "https://onelist-dev.cloud.weir/"
}

Azure AD configuration

DO NOT use the .NET MicrosoftAccount provider for Azure AD: it uses the OAuth flow and cannot retrieve custom claims. Only the OIDC flow can retrieve custom claims.

Steps to register OneList on AAD: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

The Redirect URI for OneList is: https://iqx.onelistapprovals.com/rolemanager/signin-microsoftazure

If OneList is registered for multi-tenant, configure RoleManager using this JSON:

{"clientid":"xxxxx","clientsecret":"xxxxx"}

If OneList is registered for single-tenant, then configure tenant_id = common.

Configure RoleManager using this JSON:

{
  "clientid": "xxxxx",
  "clientsecret": "xxxx",
  "AuthorizationEndpoint": "https://login.microsoftonline.com/<Tenant_id>/oauth2/v2.0/authorize",
  "CallbackPath": "/signin-azure",
  "TokenEndpoint": "https://login.microsoftonline.com/<Tenant_id>/oauth2/v2.0/token",
  "SaveTokens": false,
  "UserNameClaim": "<custom user name claim>"
}

To avoid automatic sign-in with the currently signed-in account, add the following key to the JSON:

"AuthorizationEndpointPrompt": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?prompt=select_account"
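A pre-deployment check for the RoleManager Azure AD JSON described above, written as an added example (it is not OneList or RoleManager code). It assumes the key names AuthorizationEndpoint and TokenEndpoint for the two v2.0 endpoints (the page's rendering fuses those keys with neighbouring text), and the sample config it validates is constructed here with placeholder values. It flags template values that were never filled in, endpoints that are not well-formed https URLs on login.microsoftonline.com, a tenant mismatch between the authorize and token endpoints, a CallbackPath that cannot match the registered redirect URI, SaveTokens set to true, and a prompt URL that does not carry prompt=select_account. The same check rejects a mistyped path such as oauth2<tenant>/v2.0, which is easy to produce when copying the template.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample RoleManager config in the shape described above.
# All values are placeholders written for this example, not real credentials.
SAMPLE_CONFIG = """{
  "clientid": "11111111-2222-3333-4444-555555555555",
  "clientsecret": "example-secret-value",
  "AuthorizationEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
  "CallbackPath": "/signin-azure",
  "TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
  "SaveTokens": false,
  "UserNameClaim": "preferred_username",
  "AuthorizationEndpointPrompt": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?prompt=select_account"
}"""

EXPECTED_HOST = "login.microsoftonline.com"
# Strings that mean "the template was never filled in" (compared lower-cased).
PLACEHOLDERS = {"", "xxxx", "xxxxx", "<tenant_id>", "<tenat_id>"}


def parse_endpoint(url):
    """Split a Microsoft identity platform v2.0 endpoint into (tenant, kind).

    kind is 'authorize' or 'token'. Returns None for anything that is not
    https://login.microsoftonline.com/<tenant>/oauth2/v2.0/<authorize|token>,
    which also catches a mistyped path segment such as 'oauth2<tenant>'.
    """
    parts = urlsplit(str(url))
    segs = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or parts.netloc != EXPECTED_HOST or len(segs) != 4:
        return None
    tenant, api, version, kind = segs
    if api != "oauth2" or version != "v2.0" or kind not in ("authorize", "token"):
        return None
    return tenant, kind


def check_config(text):
    """Return a list of findings for a RoleManager AAD config; empty means it passed."""
    cfg = json.loads(text)
    findings = []

    for key in ("clientid", "clientsecret"):
        if str(cfg.get(key, "")).lower() in PLACEHOLDERS:
            findings.append(f"{key} is missing or still a placeholder")

    auth = parse_endpoint(cfg.get("AuthorizationEndpoint", ""))
    token = parse_endpoint(cfg.get("TokenEndpoint", ""))
    if auth is None or auth[1] != "authorize":
        findings.append("AuthorizationEndpoint is not a v2.0 authorize URL on " + EXPECTED_HOST)
    if token is None or token[1] != "token":
        findings.append("TokenEndpoint is not a v2.0 token URL on " + EXPECTED_HOST)
    if auth and token:
        if auth[0] != token[0]:
            findings.append("authorize and token endpoints name different tenants")
        if auth[0].lower() in PLACEHOLDERS:
            findings.append("tenant segment is still a placeholder")

    # The callback must be a bare absolute path: it is appended to the site URL
    # to form the redirect URI, which must match the app registration exactly.
    cb = str(cfg.get("CallbackPath", ""))
    if not cb.startswith("/") or "?" in cb or "#" in cb:
        findings.append("CallbackPath must be an absolute path without query or fragment")

    # SaveTokens=true would persist access/refresh tokens in the auth session.
    if cfg.get("SaveTokens") is not False:
        findings.append("SaveTokens should be false")

    if not cfg.get("UserNameClaim"):
        findings.append("UserNameClaim is not set")

    # Optional prompt URL: the same authorize endpoint plus prompt=select_account.
    prompt_url = cfg.get("AuthorizationEndpointPrompt")
    if prompt_url is not None:
        p = urlsplit(str(prompt_url))
        base = p._replace(query="", fragment="").geturl()
        if base != cfg.get("AuthorizationEndpoint"):
            findings.append("AuthorizationEndpointPrompt does not match AuthorizationEndpoint")
        if parse_qs(p.query).get("prompt") != ["select_account"]:
            findings.append("AuthorizationEndpointPrompt lacks prompt=select_account")
    return findings


def prompt_url_for(text):
    """Derive the select_account authorize URL from the config's AuthorizationEndpoint."""
    cfg = json.loads(text)
    return cfg["AuthorizationEndpoint"] + "?prompt=select_account"


if __name__ == "__main__":
    for line in check_config(SAMPLE_CONFIG) or ["config OK"]:
        print(line)
    print(prompt_url_for(SAMPLE_CONFIG))
```

Run it against the JSON you are about to deploy instead of SAMPLE_CONFIG; an empty findings list is the pass condition, and prompt_url_for gives the value to paste into AuthorizationEndpointPrompt so it cannot drift from the authorize endpoint.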